more cleanup

Anton Livaja 2025-01-28 00:05:10 -05:00
parent c0454d2818
commit e7e65c35c0
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
8 changed files with 60 additions and 52 deletions

View File

@ -14,12 +14,12 @@
* [Fixed-Location]() * [Fixed-Location]()
* [Procurer](generated-documents/level-2/fixed-location/procurer/index.md) * [Procurer](generated-documents/level-2/fixed-location/procurer/index.md)
* [Procure Facility](generated-documents/level-2/fixed-location/procurer/procure-facility.md) * [Procure Facility](generated-documents/level-2/fixed-location/procurer/procure-facility.md)
* [Procure SD Card Pack](generated-documents/level-2/fixed-location/procurer/procure-sd-card-pack.md)
* [Procure Tamper Proofing Equipment](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md) * [Procure Tamper Proofing Equipment](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md)
* [Procure Hardware](generated-documents/level-2/fixed-location/procurer/procure-hardware.md) * [Procure Hardware](generated-documents/level-2/fixed-location/procurer/procure-hardware.md)
* [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md) * [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md)
* [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md) * [Provision Ceremony Repository](generated-documents/level-2/fixed-location/provisioner/provision-ceremonies-repository.md)
* [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md) * [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
* [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
* [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md) * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
* [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) * [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
* [Proposer](system-roles.md) * [Proposer](system-roles.md)

View File

@ -2,7 +2,7 @@
## Requirements ## Requirements
* [SD Card Booster Pack](../provisioner/provision-sd-card.md) * [SD Card Pack](../procurer/procure-sd-card-pack.md)
* [Personal PGP Keys](/key-types.html#personal-pgp-keypair) * [Personal PGP Keys](/key-types.html#personal-pgp-keypair)
@ -12,7 +12,7 @@
1. Turn on the computer 1. Turn on the computer
1. Open the SD Card Booster Pack 1. Open the SD Card Pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

View File

@ -6,9 +6,9 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
{{ #include ../../operator-requirements.md:requirements }} {{ #include ../../operator-requirements.md:requirements }}
* [SD Card Booster Pack](../provisioner/provision-sd-card.md) * [SD Card Pack](../procurer/procure-sd-card-pack.md)
* [Shardfile SD Card](../provisioner/copy-shardfile-sd-card.md) * [Ceremony SD Card](../operator/ceremony-sd-card-provisioning.md)
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
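Review bot: The requirement is renamed from "Shardfile SD Card" to "Ceremony SD Card", but a later unchanged step in this same file still says "Optionally write an `autorun.sh` file to the Shardfile SD card". After this change it is unclear whether that step means the Ceremony SD card or one of the new "Shardfile [unique_name] [date]" backups; use one term throughout. Also confirm that `../operator/ceremony-sd-card-provisioning.md` exists and is listed in the summary, since the summary hunk in this commit does not show an entry for it.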
@ -20,21 +20,15 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage 1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
### Unsealing Tamper Proofing
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all materials except for the laptop into High Visibility Storage 1. Plug the AirgapOS SD card into the laptop
### Generating Entropy
1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
1. Turn on the machine 1. Turn on the machine
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop 1. Plug the Ceremony SD card into the machine
1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile: 1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:
@ -42,14 +36,24 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
* TODO: NOT IMPLEMENTED YET * TODO: NOT IMPLEMENTED YET
1. Back up the `<output_shardfile>` to any desired number of SD cards, and label each "Shardfile [unique_id] [date]" 1. Unseal an SD card pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all unsealed SD cards into High Visibility Storage
1. Back up the `<output_shardfile>` to any desired number of SD cards, and label each "Shardfile [unique_name] [date]"
1. `lsblk` to find media name
1. `cp <shard_file_name> /media/<media_name>`
1. Each backup should be placed into High Visibility Storage after it's made
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command: 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
* `keyfork recover shard --daemon` * `keyfork recover shard --daemon`
### Finalizing Ceremony
1. Gather all the original items that were in the air-gapped bundle: 1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer * Air-gapped computer
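Review bot: The new backup sub-steps copy to `/media/<media_name>` without any step that mounts the card or confirms it is mounted there; `lsblk` only lists devices and mount points. State whether AirgapOS mounts the card automatically, or add the mount step. The placeholder also changes from `<output_shardfile>` in the parent step to `<shard_file_name>` in the `cp` line; use one name. Consider adding a flush and a comparison of the copy against the original before each card goes into High Visibility Storage, because a truncated shardfile backup would not be noticed until recovery.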

View File

@ -10,8 +10,6 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
* `N` Smart Cards in the chosen `M of N` quorum * `N` Smart Cards in the chosen `M of N` quorum
* [Shardfile SD Card](../provisioner/copy-shardfile-sd-card.md)
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
## Procedure ## Procedure
@ -22,14 +20,10 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage 1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
### Unsealing Tamper Proofing
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all materials except for the laptop into High Visibility Storage 1. Place all materials except for the laptop into High Visibility Storage
### Generating Entropy
1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop 1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
1. Turn on the machine 1. Turn on the machine
@ -42,27 +36,32 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
* NOT IMPLEMENTED YET * NOT IMPLEMENTED YET
1. Unplug the Shardfile SD card and place it into High Visibility Storage 1. Unseal an SD card pack
1. Open the SD Card Booster Pack, and place all cards into High Visibility Storage {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all unsealed SD cards into High Visibility Storage
1. Plug in SD cards one at a time and use following steps to back up ceremony artifacts 1. Plug in SD cards one at a time and use following steps to back up ceremony artifacts
1. Find media name using `lsblk`
1. Back up the `shardfile.asc` 1. Back up the `shardfile.asc`
* `cp shardfile.asc /media/<media_name>`
1. Back up the `keyring.asc` 1. Back up the `keyring.asc`
* `cp keyring.asc /media/<media_name>`
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command: 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
* `keyfork recover shard --daemon` * `echo -e '#!/bin/bash\nkeyfork recover shard --daemon' > /media/<media_name>/autorun.sh`
1. Unplug the SD card and place it in High Visibility Storage 1. Unplug the SD card and place it in High Visibility Storage
1. Label the SD card "Shardfile [date]" 1. Label the SD card "Shardfile [date]"
### Finalizing Ceremony
1. Gather all the original items that were in the air-gapped bundle: 1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer * Air-gapped computer
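Review bot: The sequence goes from the `cp` and `echo` lines straight to "Unplug the SD card" with no flush, unmount or comparison of the copied `shardfile.asc` and `keyring.asc` against the originals; add those before the unplug step so a partial write is caught during the ceremony. In the `autorun.sh` line, `echo -e` depends on the shell's `echo` implementation; `printf '#!/bin/bash\nkeyfork recover shard --daemon\n'` behaves the same everywhere and ends the file with a newline. The label "Shardfile [date]" differs from the "Shardfile [unique_name] [date]" format introduced in the other ceremony in this commit, and the card now also carries `keyring.asc`.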

View File

@ -0,0 +1,21 @@
# Procure SD Card Pack
## Requirements
{{ #include ../../basic-requirements.md:requirements }}
* Tamper proofing evidence (photographs)
* 5 Fresh SD card(s) per booster pack
* High Visibility Storage
## Procedure
{{ #include ../../../../component-documents/hardware-procurement-and-chain-of-custody.md:steps}}
1. Select 5 SD cards to be tamper proofed from High Visibility Storage
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
1. Label the tamper proofed package "SD Booster Pack [date]"
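Review bot: The new file is titled "Procure SD Card Pack" and the other hunks in this commit rename references to "SD Card Pack", but the body still says "per booster pack" and the label step still reads "SD Booster Pack [date]". An operator told to "Open the SD Card Pack" will be holding a package labelled differently; align the requirement line and the label text with the new name. The sentence from the deleted file that defined the term ("SD cards are provisioned and tamper proofed in packs of 5 ...") was not carried over, so the pack size is now only implied by the requirement and step 1; consider keeping a one-line definition under the heading.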

View File

@ -23,3 +23,9 @@ There are two options:
* Hand-held label printer with a built in keyboard * Hand-held label printer with a built in keyboard
* Non-standalone label printer that needs a computer to send it the file to print * Non-standalone label printer that needs a computer to send it the file to print
#### Examples
* [Brother P-Touch PT- D610BT Business Professional Connected Label Maker ](https://www.amazon.com/Brother-Business-Professional-Connected-Bluetooth%C2%AE/dp/B0B1KZJXPG/ref=sr_1_4)
* [Bluetooth Thermal Label Printer](https://www.amazon.com/LabelRange-Bluetooth-Wireless-Shipping-Packages/dp/B0DFC9GB5D/ref=sr_1_1_sspa)
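Review bot: Both example URLs keep Amazon search-result suffixes (`/ref=sr_1_4`, `/ref=sr_1_1_sspa`); trim them to the `/dp/<id>` form so the links are stable and carry no search or sponsored-placement parameters. The first link text has a stray space in "PT- D610BT" and a trailing space before the closing bracket. Both examples are Bluetooth models; since the list above distinguishes a printer with a built-in keyboard from one that needs a computer, say which option each example falls under and whether its wireless interface is acceptable where the labels are printed.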

View File

@ -1,21 +0,0 @@
# Provisioning SD Cards
SD cards are provisioned and tamper proofed in packs of 5 referred to as "SD Booster Packs"
## Requirements
{{ #include ../../basic-requirements.md:requirements }}
* Tamper proofing evidence (photographs)
* 5 Fresh SD card(s) per booster pack
* High Visibility Storage
## Procedure
1. Select 5 SD cards to be tamper proofed from High Visibility Storage
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
1. Label the tamper proofed package "SD Booster Pack [date]"